diff options
author | Florian Westphal <fw@strlen.de> | 2020-11-30 16:36:29 +0100 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2020-12-03 12:56:03 -0800 |
commit | 41dd9596d6b239a125c3d19f9d0ca90bdbfbf876 (patch) | |
tree | e9f12745deb241b4feaa431938dffcb79b5a6881 /security/apparmor | |
parent | d4bff72c8401e6f56194ecf455db70ebc22929e2 (diff) | |
download | lwn-41dd9596d6b239a125c3d19f9d0ca90bdbfbf876.tar.gz lwn-41dd9596d6b239a125c3d19f9d0ca90bdbfbf876.zip |
security: add const qualifier to struct sock in various places
A followup change to tcp_request_sock_op would have to drop the 'const'
qualifier from the 'route_req' function as the
'security_inet_conn_request' call is moved there - and that function
expects a 'struct sock *'.
However, it turns out its also possible to add a const qualifier to
security_inet_conn_request instead.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/include/net.h | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
-rw-r--r-- | security/apparmor/net.c | 6 |
3 files changed, 5 insertions, 5 deletions
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index 2431c011800d..aadb4b29fb66 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -107,6 +107,6 @@ int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request, struct socket *sock); int apparmor_secmark_check(struct aa_label *label, char *op, u32 request, - u32 secid, struct sock *sk); + u32 secid, const struct sock *sk); #endif /* __AA_NET_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ffeaee5ed968..1b0aba8eb723 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1147,7 +1147,7 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) } #ifdef CONFIG_NETWORK_SECMARK -static int apparmor_inet_conn_request(struct sock *sk, struct sk_buff *skb, +static int apparmor_inet_conn_request(const struct sock *sk, struct sk_buff *skb, struct request_sock *req) { struct aa_sk_ctx *ctx = SK_CTX(sk); diff --git a/security/apparmor/net.c b/security/apparmor/net.c index fa0e85568450..e0c1b50d6edd 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -211,7 +211,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark) } static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid, - struct common_audit_data *sa, struct sock *sk) + struct common_audit_data *sa) { int i, ret; struct aa_perms perms = { }; @@ -244,13 +244,13 @@ static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid, } int apparmor_secmark_check(struct aa_label *label, char *op, u32 request, - u32 secid, struct sock *sk) + u32 secid, const struct sock *sk) { struct aa_profile *profile; DEFINE_AUDIT_SK(sa, op, sk); return fn_for_each_confined(label, profile, aa_secmark_perm(profile, request, secid, - &sa, sk)); + &sa)); } #endif |